The present invention relates generally to telecommunications and, in one preferred embodiment, concerns a method and apparatus for achieving real-time fraudulent traffic security for Internet telephony, also known as Voice over Internet Protocol (VoIP) telephony.
Today, the field of Internet telephony has proven to be a viable technology and is evolving at an ever increasing rate. Moreover, it is now common to use any type of telephone terminal, handset, cell phone, etc. to initiate or receive a VoIP call by connecting to the public switched telephone network (PSTN) to access a gateway, the call travelling through the Internet to a remote party via one or more gateways.
The PSTN is a circuit switched network. That is, the PSTN assigns a dedicated communication line to a user with which to complete the telephone call, and the user can utilize the assigned resource of the PSTN in any way he chooses. It is understood that the user is paying for the use of the dedicated resource of the PSTN. While the circuit switched approach of the PSTN system is not necessarily the most efficient system in terms of call traffic (i.e., it does not make use of the “dead space” common in a conversation), it is relatively easy to ensure that information destined for a particular user is delivered. The PSTN provides a dedicated line to complete the transaction.
The Internet is a packet switched network in which communication is accomplished by breaking the transmitted data into “packets”, based primarily on communication content, and interleaving the packets to best utilize the bandwidth available at any given time on the Internet. When the packets reach their intended destination, they must be reassembled into the originally transmitted data. Loss of packets, and thus data, occurs frequently in such a network, and the ability of the network to successfully transmit information from one point in the network to another determines the quality of the network. For inter-computer communication transactions involving non real-time data, the ability to transmit packets and retransmit any packets that are perceived to have been dropped is not a severe limitation and may not even be perceived by the user of the system. However, in a voice communication transaction, the delay required to retransmit even one data packet may be perceived by a user.
A system of gateways disposed on the Internet facilitates VoIP telephony by permitting the gateways to act as protocol bridges between the PSTN and the Internet. Typically, a VoIP service provider will operate a VoIP network which can facilitate a VoIP call that traverses both PSTN networks and packet switched networks like the Internet. The originator of a VoIP call may use a standard telephone connected to a first PSTN to dial a telephone number of another person on a second PSTN. A trunk line of the first PSTN connects to an originator gateway (server) that connects the first PSTN to a packet switched network, such as the Internet. The initiator gateway sends its position in the network along with the telephone number of the call recipient (within the second PSTN) to a route server, which determines which of many other gateways should be used to complete the call to the telephone number in the second PSTN and transmits this information to the initiator gateway. A call connection is then established between the originator gateway and a terminator gateway serving the second PSTN, which may involve routing the call through a number of intermediate servers on the Internet. The terminator gateway completes the call to the called party by connecting to the second PSTN.
The connection of a call between users on PSTNs is just provided as an example. Those skilled in the art will appreciate that the users need not necessarily communicate via a PSTN. In general, a call will be considered as originating with a customer of the VoIP service provider and being destined to a call recipient (regardless of the type of connection to the customer or the recipient).
The VoIP service provider typically generates revenue, at least in part, by buying and reselling call completion services. That is, when an originator gateway in the United States, for example, needs to complete a call to Luxembourg, for example, the VoIP provider will cause the originator gateway to send that call through a particular terminating gateway that can terminate the call off the Internet and complete it to its final destination in Luxembourg. The VoIP service provider will pay the terminating gateway operator a fee, say fifty cents per minute, for such termination services, but will charge the operator of the originator gateway fifty-five cents per minute, for example, for such termination services to Luxembourg. The five-cent difference is the VoIP service provider's profit.
Further details of techniques used in furtherance of the foregoing are described in commonly owned U.S. Pat. No. 6,404,864 (“the '864 patent”), assigned to the same assignee as the present application. The disclosure of the '864 patent is hereby incorporated by reference in its entirety.
The business model is viable in large part due to the fact that the various carriers that operate around the world often do not have individual contractual relationships with each other. The VoIP service provider thus acts, in a loose sense, as a matching service that matches those seeking to send calls to specific destinations with those seeking to earn money by terminating such calls in those destinations. The contractual relationships required, however, are typically between the various carriers that operate the originating and terminating gateways, and the VoIP service provider.
If the VoIP service provider contracts for termination services with a particular terminating gateway operator, for a particular originating gateway, and the operator of the originating gateway does not pay the VoIP service provider for such services, the VoIP service provider will still be contractually bound to pay the terminating gateway operator. This results in loss of revenue, and often happens in the case of fraud or hacking. Specifically, if someone hacks into the local network connected to an originating gateway, they can send fraudulent calls to the VoIP service provider. The operator of the originating gateway may not pay for those calls, and the VoIP service provider will have contracted with a terminating gateway operator for completion of those calls. Hence, a loss of revenue to the VoIP service provider results.
Further, an originating gateway operator may be a small carrier without a sophisticated security system. It is thus often possible for a malicious source to breach a system and relay malicious traffic to the VoIP service provider, which appears to be legitimate customer traffic, without the customer (i.e., the originating gateway operator) even being aware. The VoIP service provider is ultimately responsible to remunerate the downstream service providers, and often the defrauded customer is too small to assume the financial losses, or not legally responsible.
One serious problem is that the fraudulent traffic may not be discovered until days or weeks later, when call detail records (“CDR”) show an unusually high amount of traffic and unusually high charges to a specific destination, for example. Another problem is that the fraud that results in loss to the VoIP service provider is often fraud committed against one of the carriers' networks, not directly against the VoIP service provider. Hence, it is difficult for the VoIP service provider to manage it, even though the resulting loss is largely borne by the VoIP service provider.
The VoIP service provider must play a delicate balancing act between not being overzealous, allowing legitimate traffic from customers to flow to high risk (expensive) destinations even when the volume increases, and being exposed to significant financial losses if it does not properly and quickly react to situations that do, in fact, involve fraudulent traffic from trusted customers.
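The CDR signal and the balancing act described above can be illustrated with a short sketch. This is an added example, not the method of the present application or of the '864 patent: the CDR layout, the carrier names, the 12-hour window, the 3x factor and the $50 floor are all assumptions, and only the per-minute rates come from the Luxembourg illustration above.

```python
from collections import defaultdict
from statistics import median

# Rates from the Luxembourg illustration above, in dollars per minute.
TERMINATION_RATE = 0.50  # owed to the terminating gateway operator regardless of payment
SELL_RATE = 0.55         # billed to the originating gateway operator

def constructed_cdrs():
    """Constructed sample CDRs: (hour, customer, destination, minutes)."""
    cdrs = []
    for hour in range(24):
        # carrier-a: steady traffic, then a burst from hour 21 (simulated fraud)
        a_minutes = 900 if hour >= 21 else 40 + (hour % 3) * 5
        # carrier-b: steady traffic, then legitimate growth from hour 20
        b_minutes = 55 if hour >= 20 else 30
        cdrs.append((hour, "carrier-a", "LU", a_minutes))
        cdrs.append((hour, "carrier-b", "LU", b_minutes))
    return cdrs

def hourly_cost(cdrs):
    """Termination cost the provider owes, per (customer, destination) per hour."""
    cost = defaultdict(lambda: defaultdict(float))
    for hour, customer, dest, minutes in cdrs:
        cost[(customer, dest)][hour] += minutes * TERMINATION_RATE
    return cost

def flag_spikes(cdrs, window=12, factor=3.0, floor=50.0):
    """Flag hours whose cost exceeds both an absolute floor and factor x the
    median of the preceding `window` hours. The median keeps a burst that is
    already under way from inflating its own baseline; the factor and floor
    are the knobs that trade false alarms against exposure."""
    alerts = []
    for (customer, dest), by_hour in sorted(hourly_cost(cdrs).items()):
        first = min(by_hour)
        for hour in sorted(by_hour):
            if hour - window < first:
                continue  # not enough history to form a baseline
            baseline = median(by_hour.get(h, 0.0) for h in range(hour - window, hour))
            if by_hour[hour] > floor and by_hour[hour] > factor * baseline:
                alerts.append((hour, customer, dest, by_hour[hour]))
    return alerts

def exposure(alerts):
    """Termination fees at risk across the flagged hours."""
    return sum(cost for _, _, _, cost in alerts)

if __name__ == "__main__":
    for alert in flag_spikes(constructed_cdrs()):
        print(alert)
```

On the constructed data, carrier-b's near-doubling of traffic stays under the factor and is left alone, while each hour of carrier-a's burst is flagged as it closes rather than days later.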